﻿using System.Web;
using System.Web.Mvc;
using Wedn.Net.Common;
using Wedn.Net.Model;
using Wedn.Net.Utility;

namespace Wedn.Net.Controller.Attribute
{
    //class RoleAttribute
    //{
    //}
    /// <summary>
    /// 管理员特性
    /// </summary>
    public class AdminOnlyAttribute : AuthorizeAttribute //FilterAttribute, IAuthorizationFilter
    {
        private User _currentUser;
        /// <summary>
        /// 当前用户对象实体
        /// </summary>
        protected User CurrentUser
        {
            get { return _currentUser ?? (_currentUser = SessionHelper.GetSession<User>("CurrentUser")); }
        }
        /// <summary>
        /// 校验请求授权方法
        /// </summary>
        /// <param name="filterContext">AuthorizeAttribute 的信息</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
            if (filterContext.HttpContext.Response.StatusCode == 403)
            {
                filterContext.Result = new RedirectResult("/Wedn/");
            } 
        }
        /// <summary>
        /// 指示指定的控件是否已获得授权
        /// </summary>
        /// <param name="httpContext">HTTP 上下文，它封装有关单个 HTTP 请求的所有 HTTP 特定的信息</param>
        /// <returns>如果用户已经过授权，则为 true；否则为 false。</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var res=CurrentUser != null && CurrentUser.Role == (int)UserRole.Administrator;
            if (!res)
                httpContext.Response.StatusCode = 403;
            return res;
        }
    }

    public class UserAuthorize
    {
        
    }
}
